Thanks! I used the courierwebadmin and didn't realize that the "default" actually made SPF very lenient.
----- Original Message -----
From: "Ben Kennedy" <[email protected]>
To: "Ricardo Kleemann" <[email protected]>
Sent: Monday, March 02, 2009 9:47 AM
Subject: Fwd: Re: [courier-users] how does courier handle SPF?

---------------- Begin Forwarded Message ----------------
Subject: Re: [courier-users] how does courier handle SPF?
Date Sent: Sunday, March 1, 2009 1:50 PM
Date Rec.: Sunday, March 1, 2009 10:50 AM
From: Sam Varshavchik <[email protected]>
To: [email protected]

Ricardo Kleemann writes:

> Hi,
>
> I have SPF configured as follows:
>
> opt BOFHSPFHELO=pass,none,neutral,softfail,unknown
> opt BOFHSPFMAILFROM=pass,none,neutral,softfail,unknown
> opt BOFHSPFFROM=pass,none,neutral,softfail,unknown
> opt BOFHSPFTRUSTME=1
>
> Then I received a spam as if coming from myself, so I went to check the
> headers, I see the SPF headers all stating that SPF check does not pass.
> The reason it says "Old-Received-SPF" is because this message is forwarded
> from a different account on another domain also running courier,
> configured exactly the same as above. All the SPF checks show "not pass"
> so why was the message not rejected?
>
> Old-Received-SPF: none (Address does not pass the Sender Policy Framework)
> SPF=HELO;

"none" is listed in BOFHSPFHELO, therefore this check passes.

> Old-Received-SPF: softfail (Address does not pass the Sender Policy
> Framework)
> SPF=MAILFROM;

"softfail" is listed in BOFHSPFMAILFROM, so this check passes. If you do not want to accept messages that evaluate to "softfail", for their MAIL FROM address, remove "softfail" from BOFHSPFMAILFROM.

> Old-Received-SPF: softfail (Address does not pass the Sender Policy
> Framework)
> SPF=FROM;

"softfail" is listed in BOFHSPFFROM, so this check passes. If you do not want to accept messages that evaluate to "softfail", for their FROM address, remove "softfail" from BOFHSPFFROM.

Also, your BOFHSPFFROM should also include "mailfromok". See the courier man page.
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

----------------- End Forwarded Message -----------------

--
Ben Kennedy (chief magician)
zygoat creative technical services
http://www.zygoat.ca
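Added example, not part of the thread and not Courier code: a simplified Python model of the rule Sam Varshavchik describes above (an SPF result that is listed in the matching BOFHSPF* setting is accepted), applied to the three results from the quoted headers. The function names are hypothetical, the tightened configuration is constructed from his advice to remove "softfail", and "mailfromok" and BOFHSPFTRUSTME are not modelled.

```python
# Simplified model of Courier's BOFHSPF* accept lists (illustration only).
# Assumption: a check whose setting is absent from the config is not evaluated.

CHECKS = {"BOFHSPFHELO": "HELO", "BOFHSPFMAILFROM": "MAILFROM", "BOFHSPFFROM": "FROM"}

# Configuration quoted in the thread.
LENIENT = """
opt BOFHSPFHELO=pass,none,neutral,softfail,unknown
opt BOFHSPFMAILFROM=pass,none,neutral,softfail,unknown
opt BOFHSPFFROM=pass,none,neutral,softfail,unknown
"""

# Constructed variant: "softfail" removed from MAILFROM and FROM, as advised.
TIGHTENED = """
opt BOFHSPFHELO=pass,none,neutral,softfail,unknown
opt BOFHSPFMAILFROM=pass,none,neutral,unknown
opt BOFHSPFFROM=pass,none,neutral,unknown
"""

# SPF results taken from the Old-Received-SPF headers quoted in the thread.
SPAM_RESULTS = {"HELO": "none", "MAILFROM": "softfail", "FROM": "softfail"}


def parse_bofh(text):
    """Parse 'opt NAME=kw1,kw2' lines into {identity: set of accepted results}."""
    policy = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("opt ") or "=" not in line:
            continue
        name, value = line[4:].split("=", 1)
        name = name.strip()
        if name in CHECKS:
            keywords = {k.strip().lower() for k in value.split(",") if k.strip()}
            policy[CHECKS[name]] = keywords
    return policy


def rejected_by(policy, results):
    """Return the identities whose SPF result is not in the accept list."""
    return [ident for ident, result in results.items()
            if ident in policy and result.lower() not in policy[ident]]


if __name__ == "__main__":
    for label, config in (("lenient", LENIENT), ("tightened", TIGHTENED)):
        failed = rejected_by(parse_bofh(config), SPAM_RESULTS)
        print(label, "->", "reject on " + ", ".join(failed) if failed else "accept")
```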
